According to four people with knowledge of the situation, the Biden presidency is attempting to pass an executive order to strengthen security in its dwindling weeks in business.
The administrative order, which has cleared some inner barriers and is near to being published, incorporates training from a series of key breaches during the Biden administration, including the most recent , Treasury Department , steal attributed to , China, according to people familiar with the matter who didn’t want to be named to discuss details that hasn’t yet been made public.
Among the measures, it directs the government to implement” strong identity authentication and encryption” across communications, according to an undated draft of the order seen by , Bloomberg News. Intruders gained access to unclassified documents that were stored locally on laptops and desktop computers during the December Treasury hack. Email work that has been encrypted in the cloud might be protected from hackers who can hack into systems but are unable to open specific documents.
The U. S. National Security Council , didn’t respond to a request for comment.
In that , Treasury , incident, a sophisticated Chinese hacking group known as Silk Typhoon is believed to have stolen a digital key from , BeyondTrust Inc., a third-party service provider, and used it to access unclassified information relating to potential sanctions actions and other documents, according to two people familiar with the matter. The department declined to comment on the identity of the hackers, which hasn’t been previously reported.
Additionally, the draft executive order directs the government to develop guidelines to better secure cryptographic keys used by cloud software contractors, including by storing them in physical devices called hardware security modules, which store digital keys to keep them safe. Federal contractors would also need to better manage access under the executive order.
The draft order also aims to establish whether software providers adhere to established standards for cybersecurity, including using multifactor authentication and complicated passwords.
” In some instances, providers of software to the federal government commit to following cybersecurity practices, yet do not fix well-known exploitable vulnerabilities in their software, which puts the government at risk of compromise”, the draft states.
Whether President-elect , Donald Trump , will leave the executive order in place when he takes office remains unclear, though he’s vowed to pare back federal regulation. Trump has indicated that he intends to repeal another Biden administration order that would enshrine artificial intelligence.
___
© 2025 Bloomberg L. P
Distributed by Tribune Content Agency, LLC.
